According to the Federal Trade Commission (FTC), many people are being targeted by scammers asking for payment in the form of gift cards. These scammers may call people claiming to be with the IRS, or tech support, or a so-called family member in need. If you’ve gotten a call like this, you know that the caller will then demand the gift card numbers and PIN.

And, poof, your money is gone.

Scammers are good at convincing people there really is an emergency, so lots of people have made the trip to local merchants to buy gift cards to send these callers. And scammers love gift cards – it’s one of their favorite ways to get your money. These cards are like giving cash – and nearly untraceable, unless you act almost immediately.

Here’s the most important thing for you to know: anyone who demands payment by gift card is always a scammer.

Gift cards are for gifts, not payments. If you’ve bought a gift card and lost money to someone who might be a scammer, tell the company who issued the card. (The contact info might be on the card, but might require some research). Tell them their card was used in a scam. If you act quickly enough, they might be able to get your money back. But – either way – it’s important that they know what happened to you. And then please tell the FTC about your loss by visiting www.ftc.gov/complaint*. Your report helps the FTC try to shut the scammers down.

Shoppers looking for a good deal this holiday season should also be aware of increasingly aggressive and creative scams designed by criminals to steal money and personal information. According to the FBI’s Internet Crime Complaint Center (IC3) 2016 Internet Crime Report, the IC3 received a total of 298,728 complaints with reported losses in excess of $1.3 billion in 2016. This past year, the top three crime types reported by victims were non-payment and non-delivery, personal data breaches, and payment scams. The FBI wants shoppers to be extra vigilant of the following schemes and red flags.

Online Shopping Scams: If a deal looks too good to be true, it probably is. Steer clear of unfamiliar sites offering unrealistic discounts on brand name merchandise or gift cards as an incentive to purchase a product, as you may end up paying for an item, giving away personal information, and receive nothing in return except a compromised identity. In addition, do not open any unsolicited e-mails or click on the links provided. Before shopping online, secure all bank and credit accounts with strong and different passwords. The same should be done for airline and rewards accounts, because the emergence of these offerings has led to an increase in the demand for and resale value of stolen information.

Social Media Scams: Beware of posts on social media sites that appear to offer vouchers or gift cards, even if it appears the offer was shared by an online friend. Some may pose as holiday promotions or contests that lead to participation in an online survey designed to steal personal information. In addition, do not post photos of event tickets on social media sites as fraudsters can use the barcode to recreate tickets for resale.

Craigslist Scams: Websites like Craigslist or eBay are especially popular during the holiday season, as people look for bargains or sell unneeded items for cash. Take steps to protect yourself by recognizing scams. Most scams attempts involve one or more of the following (source: https://www.craigslist.org/about/scams*):

Smartphone App Scams: Some apps, often disguised as games and offered for free, may be designed to steal personal information from your device. Before downloading an app from an unknown source, look for third-party reviews and be mindful that alternative app marketplaces can potentially include stolen content and compromised versions of otherwise trustworthy applications.

Work-From-Home Scams: Beware of postings offering work that can be done from the comfort of home, as these opportunities may have unscrupulous motivations behind them. Take caution when money is required up front for instructions or products, or when a job post claims “no experience necessary.” Carefully research individuals or companies before providing them with personal information and never provide personal information when first interacting with a potential employer.

Additional steps to avoid becoming a victim of fraud:

Check bank and credit card statements routinely, including immediately after making an online purchase and weeks following the holiday season.

Only purchase merchandise from a reputable source.

Don’t trust a website to be secure just because it claims to be.

Do not respond to spam e-mails or click on links contained within them.

Avoid filling out forms contained in e-mails that ask for personal information.

Be cautious of all e-mail attachments and scan them for viruses before opening.

Verify requests for personal information from businesses or financial institutions by contacting them using the main contact information on their official website.

Be cautious when dealing with individuals outside of your own country.

How to report fraud: Consumers who suspect they’ve been victimized should immediately contact their financial institution and then law enforcement. Arvest customers with concerns about their accounts can report fraud by emailing reportfraud@arvest.com.

They are also encouraged to file a complaint with the FBI’s Internet Crime Complaint Center (www.ic3.gov*) regardless of dollar amount lost, and provide all relevant information regarding the complaint.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.

Everywhere you turn today you seem to be bombarded with news coverage concerning the urgency of combating cybercrime, bad actors and hackers. There are many variations of malicious software, or “malware,” but financial malware, as its name implies is written specifically to commit financial fraud.

Cybercriminals use a variety of methods to infect their victims with malware including sending them email messages containing infected attachments or links to infected websites.

Once the victim is infected, the malware monitors the victim’s activity and may steal online banking credentials and other personal information using keystroke logging or screen shots images.

In some cases, hackers may use the victim’s own web browser to collect sensitive information (e.g., the victim's PIN) by adding extra fields to legitimate online forms or by changing website wording and messaging, or by triggering legitimate-looking pop-up forms in real-time.

Financial malware may redirect the victim to a fake website designed to mimic a legitimate bank website. As the victim enters their credentials, the malware then redirects them into the legitimate site, potentially triggering a SMS or other second-factor authentication code that the Trojan can then capture via the fake website.

How to Protect Yourself

Most threats still need user interaction to infect a potential victim’s system. For this reason, becoming aware of these threats and diligently taking extra precautions can significantly reduce the risk of becoming a victim of cybercrime.

Keep your operating system, web browser and other software up to date.

Make sure your computer has both an anti-spyware protection program that detects and removes spyware and an anti-virus program. Keep both programs updated. Scan your computer for viruses and spyware on a regular basis.

Be very protective of your personal account information. There are criminals who try to trick you by creating sites that look similar to real sites. The best way to know who you are dealing with is to type the address in your browser address bar; don’t click on a link that’s provided to you via email.

Do not open attachments in email messages if you do not know the sender or weren’t expecting the message. Attachments can contain viruses and spyware.

Avoid logging into password protected websites, such as online banking or email services from public computers. Instead, use trusted or secured networks.

Avoid downloading apps to your mobile phone from unofficial stores and pay attention to the permissions requested by apps before their installation.

Always sign off from sessions and close your browser after using password protected websites.

If you suspect your computer may be infected or that your online banking credentials may have been compromised, contact your bank and change your password from a different trusted computer. Contact a computer security professional for assistance in removing malicious software.

With an increasing number of businesses operating online in addition to traditional means, it is critical that both consumers and business owners know how to help protect themselves from identity theft and fraud. Fraud not only can ruin the shopping experience, but have disastrous and long-lasting effects for a business. Even if your company doesn’t conduct retail business online, it is important to protect your private business information and data.

Limit what you carry. When you go out, take only the identification, and business credit or debit cards you need.

Lock your financial documents and records in a safe place, such as a safe or locked file cabinet that only you have access to.

Before you share information with vendors, ask why they need it, how they will safeguard it, and the consequences of not sharing.

Install anti-virus software, anti-spyware software, and a firewall on all company computers. Set your preference to update these protections often.

Don’t open files, click on links, or download programs sent by strangers. Opening a file from someone you don’t know could expose your system to a computer virus or spyware that captures your passwords or other information you type.

Before you send your business information via your laptop or smartphone over a public wireless network in a public place, see if your information will be protected. If you use an encrypted website, it protects only the information you send to and from that site. If you use a secure wireless network, all the information you send on that network is protected.

Keep financial information on your laptop only when necessary. Don’t use an automatic login feature that saves your user name and password, and always log off when you’re finished.

For more extensive information on privacy and identity protection, visit www.ftc.gov* and look for the ‘Tips & Advice’ tab. If you’re interested in fraud prevention services for your business that includes theft-resolution and account monitoring services, Arvest offers ACH Fraud Block and ChecXchange® with some of its business services. To learn more, visit www.arvest.com and select Fraud Prevention under the ‘Business’ tab.

Links marked with * go to a third-party site not operated or endorsed by Arvest Bank, an FDIC-insured institution.

In a recent twist, scam artists are using the phone to try to break into your computer. They call claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need. But the purpose behind their elaborate scheme isn’t to protect your computer – it’s to steal your identity or/and to make money.

How Tech Support Scams Work

Scammers have been peddling bogus security software for years. They set up fake websites, offer free “security” scans*, and send alarming messages to try to convince you your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

The latest version of the scam begins with a phone call. Scammers can get your name and other basic information from public directories. They often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim they are viruses. Their tactics are designed to scare you into believing they can help fix your “problem.”

Once they’ve gained your trust, they may:

Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.

Try to enroll you in a worthless computer maintenance or warranty program.

Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.

Trick you into installing malware that could steal sensitive data, like user names and passwords.

Direct you to websites and ask you to enter your credit card number and other personal information.

Regardless of the tactics they use, their purpose is to steal your identity or/and to make money.

If You Get a Call

If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.

Keep these other tips in mind:

Don’t give control of your computer to a third party who calls you out of the blue.

Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers.

If you want tech support, look for a company’s contact information on their software package or on your receipt.

Never provide your credit card or financial information to someone who calls and claims to be from tech support.

If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.

Never give your password on the phone. No legitimate organization calls you and asks for your password.

If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:

Get rid of malware*. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem.

Change any passwords you gave out. If you use these passwords for other accounts, change those accounts, too.

If you paid for bogus services with a credit card, call your credit card provider and ask if they can reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.

If you believe someone may have accessed your personal or financial information, visit the FTC’s identity theft website*. You can minimize your risk of further damage and repair any problems already in place.

If you paid for tech support services, and you later get a call about a refund, don’t give out any personal information. The call is almost certainly another trick to take your money.

The refund scam* works like this: Several months after the purchase, someone might call to ask if you were happy with the service. When you say you weren’t, the scammer offers a refund. Or, the caller may say the company is going out of business and providing refunds for “warranties” and other services.

In either case, the scammers eventually ask for a bank or credit card account number. Or they ask you to create a Western Union account. They might even ask for remote access to your computer to help you fill out the necessary forms. But instead of putting money in your account, the scammers withdraw money from your account. If you get a call like this, hang up, and report it at ftc.gov/complaint*.

Conclusion

You don’t need to be a victim of a tech support scam. Learn how these scams work, so you can detect them for what they are and protect yourself.

Investment products and services are provided by Arvest Investments, Inc., doing business as Arvest Asset Management, member FINRA/SIPC, an SEC registered investment adviser and a subsidiary of Arvest Bank. Trust services are provided by Arvest Bank. Insurance products are made available through Arvest Insurance, Inc., which is registered as an insurance agency. Insurance products are marketed through Arvest Insurance, Inc., but are underwritten by insurance companies.
Securities and Insurance Products: Not Insured by FDIC or any Federal Government Agency, May Lose Value, Not a Deposit of or Guaranteed by a Bank or any Bank Affiliate.